AenBleidd FiND my_validator.cpp init_result buffer overflow
Description
A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in FiND's my_validator.cpp can be triggered through an fscanf call that has no size limit, potentially leading to arbitrary code execution or data corruption.
Vulnerability
The vulnerability resides in the init_result function within validator/my_validator.cpp of the FiND project by AenBleidd. The code calls fscanf(f, "%s", buff) on a fixed-size buffer of 256 bytes without specifying a width limit, so input of any length is written into the buffer. This results in a stack-based buffer overflow. The affected versions are those prior to commit ee2eef34a83644f286c9adcaf30437f92e9c48f1, in which the patch replaces fscanf with the safer fgets(buff, 256, f). [1]
Exploitation
An attacker can craft a malicious input file that, when processed by FiND's init_result, reads a string longer than 256 bytes into the buff array. No authentication is required if the attacker can supply the file (e.g., via network or local access). The overflow occurs synchronously, without user interaction beyond loading the file. The patch diff shows the dangerous line replaced with a bounded read, confirming the overflow vector. [1]
Impact
Successful exploitation allows an attacker to overflow the stack buffer, potentially corrupting adjacent memory. This can lead to arbitrary code execution with the privileges of the FiND process, or cause denial of service via a crash. The official description rates this as critical, indicating high risk of information disclosure, integrity loss, or system compromise. [1]
Mitigation
The vulnerability is fixed in commit ee2eef34a83644f286c9adcaf30437f92e9c48f1, which applies the patch recommended by the developer. Users should update FiND to a version that includes this commit or apply the patch directly. There is no indication that this CVE is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. No other workarounds are documented in the available references. [1]
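The bounded read that the patch switches to, shown as an added C example that is not FiND's code and goes one step further by detecting and draining an overlong line. The names read_line_bounded, make_sample and the status enum are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 256 /* buffer size stated in the advisory */

enum read_status { READ_OK, READ_TRUNCATED, READ_EOF };

/* Unbounded pattern from the advisory: fscanf(f, "%s", buff);
 * Width-limited form keeping token semantics: fscanf(f, "%255s", buff);
 * The fgets form below reads a whole line instead, so it keeps spaces and
 * the newline; a too-long line is reported and drained, not split in two. */
enum read_status read_line_bounded(FILE *f, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, f) == NULL) return READ_EOF;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';           /* strip the newline fgets keeps */
        return READ_OK;
    }
    if (n < cap - 1) return READ_OK; /* final line without a newline */
    int c, extra = 0;                /* buffer full: discard rest of line */
    while ((c = fgetc(f)) != '\n' && c != EOF)
        extra = 1;
    return extra ? READ_TRUNCATED : READ_OK;
}

/* Constructed sample input: one 1000-character line, then "ok". */
FILE *make_sample(void)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    for (int i = 0; i < 1000; i++) fputc('A', f);
    fputs("\nok\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    char buff[BUFF_SIZE];
    FILE *f = make_sample();
    if (!f) return 1;
    enum read_status s;
    while ((s = read_line_bounded(f, buff, sizeof buff)) != READ_EOF)
        printf("%s len=%zu\n", s == READ_TRUNCATED ? "TRUNCATED" : "OK", strlen(buff));
    fclose(f);
    return 0;
}
```

A caller that expected whitespace-delimited tokens needs to account for fgets returning the whole line, and should treat READ_TRUNCATED as a malformed result file rather than parsing the 255-character prefix.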
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2
Patches
0
No patches discovered yet.
References
- github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1 (mitre, patch)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry, technical-description)